However, with great power comes great responsibility.
You need to ensure that your website is properly protected from threats.
In this post, I share 7 WordPress Security tips you need to know in order to help protect your website from hackers and spam.
1. Invest in good website hosting
All website hosting providers are NOT created equal. Selecting a provider who makes security a priority will help you better manage external threats to your website. Many websites are attacked through a security vulnerability in the site’s hosting platform.
Your hosting provider should:
- Support the latest versions of PHP and MySQL
- Be optimized for running WordPress
- Include a WordPress optimized firewall
- Have malware scanning and intrusive file detection
- Have 24/7 support so staff can address security issues if your site has any
We use and recommend A2 Hosting and WP Engine as quality hosting providers who also have a strong focus on security. Their customer service is also top-notch to help you deal with security problems when they arise.
2. Lock down your site with a security plugin
WordPress security plugins such as All In One WP Security and Firewall or iThemes Security protect your WordPress website from being an easy target for attacks due to plugin vulnerabilities, weak passwords and obsolete software. These plugins protect your website by:
- Changing the common login page
- Limiting login attempts to counter brute force attacks
- Forcing secure passwords to be used
- Scanning your website for malware or other viruses
- Fixing small vulnerabilities on your site and giving you a score for your website’s security, with issues that you can fix or get a developer to fix
3. Back up your website regularly
Backing up your website is an extremely important requirement in maintaining your website.
In the unpredictable scenario that your website is compromised and lost, a backup can help you quickly restore your content and save you time and money in having to rebuild a site from scratch.
Backup plugins that we recommend and use are:
- ManageWP (Back up, scan and update multiple WordPress websites in one dashboard)
- UpdraftPlus Backup and restoration (Great free backup plugin)
- Backup Buddy (Paid backup plugin)
Depending on how frequently you update your website, I would recommend at minimum – weekly updates.
Also, make sure that you send your backups off site, to Google Drive or Dropbox, so that you can recover the file if your website goes down.
4. Update your website regularly
From time to time, plugins, themes and WordPress will require updating when the developers release security patches or add extra functionality.
It’s important to back up your website BEFORE you update, as updating plugins and WordPress can cause unforeseen issues.
Deactivated themes and plugins can leave your website vulnerable to attacks.
Your web hosting provider should allow you to do automatic updates of WordPress. I do recommend you select this option, particularly if you have multiple websites.
There are geeky debates on whether or not you should allow automatic updates, mainly because WordPress updates can cause themes and plugins to stop working properly.
As long as you update your website regularly (I schedule daily updates using ManageWP), then the automatic updates are a good idea (in my opinion).
5. Scan your website for viruses/malware regularly
By scanning your website files regularly, you can detect whether your site has been infected by a virus or malicious code, and identify any anomalies. Your web host should have an option for you to do this manually via your cPanel. Alternatively, you can use a plugin such as Sucuri Security to help automate this process.
Firewalls protect your WordPress website from 3rd party software attacks. Many security plugins, such as All In One WP Security and Firewall and iThemes Security, have a built-in firewall that you can enable to protect your site.
7. Use a VPN for Secure logins
If you are going to log into your website using public Wi-Fi, such as at a cafe or co-working space, make sure that you use a Virtual Private Network (VPN).
A VPN secures your computer’s internet connection to guarantee that all of the information you’re sending and receiving is encrypted and secured from prying eyes. I use ExpressVPN and Private Internet Access (I like to have options 😀 ).
WordPress (and other website frameworks) are popular targets for hackers and spammers.
Being proactive with your website security is your best defence. I hope you found this blog valuable, if you did – please share the love. 😀